What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek.webp 2023-01-11 11:53:21 251k Impacted by Data Breach at Insurance Firm Bay Bridge Administrators (lien direct) Third-party administrator of insurance products Bay Bridge Administrators (BBA) is informing roughly 250,000 individuals that their personal information might have been compromised in a September 2022 data breach. Data Breach ★★
SecurityWeek.webp 2023-01-10 12:49:25 PyPI Users Targeted With PoweRAT Malware (lien direct) Software supply chain security firm Phylum has identified a malicious attack targeting Python Package Index (PyPI) users with the PoweRAT backdoor and information stealer. Malware ★★
SecurityWeek.webp 2023-01-10 12:40:03 Iowa's Largest City Cancels Classes Due to Cyber Attack (lien direct) Iowa's largest school district cancelled classes for Tuesday after determining there was a cyber attack on its technology network. Des Moines Public Schools announced Monday that classes would be cancelled for its 33,000 students after being “alerted to a cyber security incident on its technology network.” ★★
SecurityWeek.webp 2023-01-09 17:27:16 Justices Turn Away Israeli Spyware Maker in WhatsApp Suit (lien direct) The Supreme Court on Monday rejected an Israeli spyware maker's bid to derail a high-profile lawsuit filed by the WhatsApp messaging service. The justices left in place lower court rulings against the Israeli firm, NSO Group. WhatsApp claims that NSO targeted some 1,400 users of the encrypted messaging service with highly sophisticated spyware. ★★
SecurityWeek.webp 2023-01-09 14:15:05 Air France, KLM Customers Warned of Loyalty Program Account Hacking (lien direct) Franco-Dutch airline company Air France-KLM has started informing Flying Blue customers of a data breach involving their user accounts. Air France-KLM was formed in 2004, following the merger between Air France and KLM. Flying Blue is their loyalty program, also used by Aircalin, Kenya Airways, TAROM, and Transavia. Data Breach ★★★★
SecurityWeek.webp 2023-01-09 13:16:26 FCC Proposes Tighter Data Breach Reporting Rules for Wireless Carriers (lien direct) The Federal Communications Commission (FCC) is proposing tighter rules on the reporting of data breaches by wireless carriers. The updated rules, the FCC says, will fall in line with recent changes in federal and state laws regarding data breaches in other sectors. Data Breach ★★★
SecurityWeek.webp 2023-01-06 15:55:53 XDR and the Age-old Problem of Alert Fatigue (lien direct) XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture Threat ★★★
SecurityWeek.webp 2023-01-06 15:44:09 Many of 13 New Mac Malware Families Discovered in 2022 Linked to China (lien direct) More than a dozen new Mac malware families were discovered in 2022, including information stealers, cryptocurrency miners, loaders, and backdoors, and many of them have been linked to China. Malware ★★★★
SecurityWeek.webp 2023-01-06 13:36:58 Russian Turla Cyberspies Leveraged Other Hackers' USB-Delivered Malware (lien direct) In a recent attack against a Ukrainian organization, Russian state-sponsored threat actor Turla leveraged legacy Andromeda malware likely deployed by other hackers via an infected USB drive, Mandiant reports. Malware Threat ★★
SecurityWeek.webp 2023-01-06 10:22:05 Rackspace Completes Investigation Into Ransomware Attack (lien direct) Cloud company Rackspace has completed its investigation into the recent ransomware attack and found that the hackers did access some customer resources. Ransomware ★★★
SecurityWeek.webp 2023-01-05 15:55:19 Zoho Urges ManageEngine Users to Patch Serious SQL Injection Vulnerability (lien direct) Zoho this week announced patches for a high-severity SQL injection vulnerability in ManageEngine Password Manager Pro, PAM360, and Access Manager Plus. ManageEngine is an enterprise software solution offering management capabilities for endpoints, enterprise services, identity and access, IT operations, and security information and events. Vulnerability ★★
SecurityWeek.webp 2023-01-05 13:12:10 Burger Chain Five Guys Discloses Data Breach Impacting Job Applicants (lien direct) US burger chain Five Guys has disclosed a data breach impacting job applicants, and the company may be facing a lawsuit over the cybersecurity incident. Five Guys appears to have started informing customers on December 29, when it also notified state authorities about the incident. Data Breach ★★
SecurityWeek.webp 2023-01-05 10:25:12 Play Ransomware Group Used New Exploitation Method in Rackspace Attack (lien direct) The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this week. Ransomware ★★★
SecurityWeek.webp 2023-01-04 14:56:37 Android's First Security Updates for 2023 Patch 60 Vulnerabilities (lien direct) Google announced on Tuesday the first Android security updates for 2023, which patch a total of 60 vulnerabilities. The first part of the update, which arrives on devices as the 2023-01-01 security patch level, addresses 19 security defects in the Framework and System components. ★★★
SecurityWeek.webp 2023-01-04 13:07:13 Wabtec Says Personal Information Compromised in Ransomware Attack (lien direct) Rail systems and locomotive manufacturer Wabtec has started sending notification letters to individuals whose personal information was stolen in a ransomware attack last year. The US-based firm provides railway equipment, systems, and services worldwide and has offices in the Americas, Australia, and Europe. The company has roughly 27,000 employees. Ransomware ★★★
SecurityWeek.webp 2023-01-04 11:25:53 Hacker Selling Data Allegedly Stolen From Volvo Cars Following Ransomware Attack (lien direct) A hacker is offering to sell data allegedly stolen from Swedish vehicle manufacturer Volvo Cars following a ransomware attack carried out in late December. Ransomware ★★★
SecurityWeek.webp 2023-01-03 18:33:39 Researcher Says Google Paid $100k Bug Bounty for Smart Speaker Vulnerabilities (lien direct) Security researcher Matt Kunze says Google paid him a $107,500 bug bounty reward for responsibly reporting vulnerabilities in the Google Home Mini smart speaker. The issues, the researcher says, could have been exploited by an attacker within wireless proximity to create a rogue account on the device and then perform various actions. ★★★
SecurityWeek.webp 2023-01-03 12:50:38 Malware Delivered to PyTorch Users in Supply Chain Attack (lien direct) Last week's nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack. Now part of the Linux Foundation umbrella, PyTorch is based on the Torch library and is used for applications in computer vision and natural language processing fields. Malware
SecurityWeek.webp 2023-01-03 10:37:40 Ransomware Attack Forces Canadian Mining Company to Shut Down Mill (lien direct) Canadian Copper Mountain Mining Corporation (CMMC) last week shut down its mill after falling victim to a ransomware attack. Listed on the Toronto Stock Exchange, the firm owns most of the Copper Mountain mine. Located in southern British Columbia, the mine produces an average of 100 million pounds of copper equivalent per year. Ransomware ★★★
SecurityWeek.webp 2022-12-29 10:42:45 Data Breach at Louisiana Healthcare Provider Impacts 270,000 Patients (lien direct) Southwest Louisiana healthcare provider Lake Charles Memorial Health System (LCMHS) is informing roughly 270,000 patients that their personal and medical information was compromised in a data breach. Data Breach Medical ★★
SecurityWeek.webp 2022-12-23 10:38:13 BetMGM Confirms Breach as Hackers Offer to Sell Data of 1.5 Million Customers (lien direct) MGM Resorts-owned online sports betting company BetMGM confirmed suffering a data breach the same day hackers offered to sell a database containing the information of 1.5 million BetMGM customers. In a statement posted on its website on December 21, BetMGM said “patron records were obtained in an unauthorized manner”. Data Breach
SecurityWeek.webp 2022-12-22 21:07:44 LastPass Says Password Vault Data Stolen in Data Breach (lien direct) Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that could be exposed by brute-forcing or guessing master passwords. Data Breach LastPass
SecurityWeek.webp 2022-12-22 11:38:23 Ransomware Attack Causes Disruption at British Newspaper The Guardian (lien direct) British news organization The Guardian on Wednesday announced that a ransomware attack has been causing disruption to behind-the-scenes services. Ransomware ★★★
SecurityWeek.webp 2022-12-22 09:27:59 Godfather Android Banking Trojan Targeting Over 400 Applications (lien direct) The Godfather Android banking trojan has been observed targeting over 400 banking and crypto applications in 16 countries, threat intelligence firm Group-IB warns. Threat ★★★
SecurityWeek.webp 2022-12-21 14:54:19 Cyber Insurance Analytics Firm CyberCube Raises $50 Million (lien direct) CyberCube, a provider of cyber risk analytics for insurance companies, this week announced that it has raised $50 million in a new funding round that brings the total raised by the firm to $105 million. ★★
SecurityWeek.webp 2022-12-21 14:44:57 Critical Vulnerabilities Found in Passwordstate Enterprise Password Manager (lien direct) Researchers discovered that the Passwordstate enterprise password manager made by Australian company Click Studios is affected by serious vulnerabilities that could allow an unauthenticated attacker to obtain a user's passwords. ★★
SecurityWeek.webp 2022-12-20 14:38:03 DraftKings Data Breach Impacts Personal Information of 68,000 Customers (lien direct) Sports betting firm DraftKings says the personal data of 68,000 individuals has been compromised in a recent data breach. The incident, initially disclosed in November, was the result of a credential stuffing attack and not a breach of DraftKings' systems, the company says. Data Breach ★★
SecurityWeek.webp 2022-12-20 11:41:31 New 'RisePro' Infostealer Increasingly Popular Among Cybercriminals (lien direct) A recently identified information stealer named 'RisePro' is being distributed by pay-per-install malware downloader service 'PrivateLoader', cyberthreat firm Flashpoint reports. Written in C++, RisePro harvests potentially sensitive information from the compromised machines and then attempts to exfiltrate it as logs. Malware ★★
SecurityWeek.webp 2022-12-19 17:33:17 Malicious PyPI Module Poses as SentinelOne SDK (lien direct) Security researchers with ReversingLabs warn of a new supply chain attack using a malicious PyPI module that poses as a software development kit (SDK) from the cybersecurity firm SentinelOne. ★★★
SecurityWeek.webp 2022-12-16 11:31:18 Social Blade Confirms Breach After Hacker Offers to Sell User Data (lien direct) Social media analytics service Social Blade has confirmed a security breach after a hacker offered to sell a database allegedly stolen from the company's systems. ★★
SecurityWeek.webp 2022-12-15 12:56:02 Email Hack Hits 15,000 Business Customers of Australian Telecoms Firm TPG (lien direct) Australia's TPG Telecom this week announced that a threat actor has gained unauthorized access to a service hosting the email accounts of 15,000 customers. The second largest telecommunications company in the country, TPG Telecom was formerly known as Vodafone Hutchison Australia, but was renamed after its merger with TPG. Hack Threat ★★
SecurityWeek.webp 2022-12-15 12:48:47 Hacker Claims Breach of FBI's Critical-Infrastructure Portal (lien direct) A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of InfraGard, an FBI-run outreach program that shares sensitive information on national security and cybersecurity threats with public officials and private sector actors who run U.S. critical infrastructure. ★★
SecurityWeek.webp 2022-12-14 16:19:14 Google Announces Vulnerability Scanner for Open Source Developers (lien direct) Google this week announced OSV-Scanner, a free scanner that open source developers can use to receive vulnerability details relevant to their projects. The high number of dependencies that software projects rely on increases the risk of falling victim to a supply chain attack or to the exploitation of unknown vulnerabilities. Vulnerability
SecurityWeek.webp 2022-12-14 09:07:55 HackerOne Surpasses $230 Million in Paid Bug Bounties (lien direct) Bug bounty platform HackerOne says ethical hackers have identified and reported more than 65,000 software vulnerabilities in 2022. The popular hacker-powered platform, which hosts bug bounty programs for both private and public organizations, including government agencies, has paid out a total of $230 million in bug bounties since its inception. ★★★★
SecurityWeek.webp 2022-12-13 11:42:17 Twitter Responds to Recent Data Leak Reports (lien direct) Twitter has responded to recent data leak reports, confirming that the exposed information is the same as the one that was making the rounds earlier this year.
SecurityWeek.webp 2022-12-13 10:35:25 Uber Data Leaked Following Breach at Third-Party Vendor (lien direct) Information apparently belonging to ride-hailing giant Uber has been leaked online and the source of the data is likely a third-party IT vendor. Over the weekend, a user with the moniker 'UberLeak' made public on a hacker forum a 600 Mb archive file allegedly containing 20 million records of data coming from Uber systems. Uber Uber ★★★
SecurityWeek.webp 2022-12-12 12:46:57 Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware (lien direct) Phylum security researchers warn of a new software supply chain attack relying on typosquatting to target Python and JavaScript developers. Ransomware ★★
SecurityWeek.webp 2022-12-12 12:21:29 Rackspace Hit With Lawsuits Over Ransomware Attack (lien direct) At least two lawsuits have been filed against Texas-based cloud company Rackspace over the recently disclosed ransomware attack. Ransomware
SecurityWeek.webp 2022-12-11 11:36:02 As Wiretap Claims Rattle Government, Greece Bans Spyware (lien direct) Lawmakers in Greece on Friday approved legislation banning commercial spyware and reforming rules for legally-sanctioned wiretaps following allegations that senior government officials and journalists had been targeted by shadowy surveillance software. The 156-142 vote in parliament followed two days of debate, during which opposition lawmakers accused the government of attempting to cover up the illegal surveillance. ★★
SecurityWeek.webp 2022-12-10 16:12:19 Video: Deep Dive on PIPEDREAM/Incontroller ICS Attack Framework (lien direct) ★★★
SecurityWeek.webp 2022-12-09 10:36:21 Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet (lien direct) More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns. ★★★
SecurityWeek.webp 2022-12-08 15:20:51 WAFs of Several Major Vendors Bypassed With Generic Attack Method (lien direct) Researchers at industrial and IoT cybersecurity firm Claroty have identified a generic method for bypassing the web application firewalls (WAFs) of several major vendors. Industrial ★★
SecurityWeek.webp 2022-12-08 13:36:43 Iranian Hackers Deliver New 'Fantasy' Wiper to Diamond Industry via Supply Chain Attack (lien direct) An Iran-linked advanced persistent threat (APT) actor named Agrius is using a new wiper in attacks targeting entities in South Africa, Israel and Hong Kong, cybersecurity firm ESET reports. Threat ★★
SecurityWeek.webp 2022-12-08 12:01:56 CloudSEK Blames Hack on Another Cybersecurity Company (lien direct) Digital risk protection company CloudSEK claims that another cybersecurity firm is behind a recent data breach resulting from the compromise of an employee's Jira account. As part of the targeted cyberattack, an unknown party used session cookies for the employee's Jira account to gain access to various types of internal data. Data Breach Hack ★★
SecurityWeek.webp 2022-12-07 14:08:48 New Zealand Government Hit by Ransomware Attack on IT Provider (lien direct) The New Zealand government this week confirmed being impacted by a ransomware attack on managed service provider (MSP) Mercury IT, which has disrupted businesses and public authorities in the country. A small business with only 25 employees, Mercury IT provides cybersecurity, IT, telecoms, and support services for multiple organizations in the country. Ransomware ★★
SecurityWeek.webp 2022-12-07 09:30:23 Over 75 Vulnerabilities Patched in Android With December 2022 Security Updates (lien direct) Google this week announced the December 2022 Android updates with patches for over 75 vulnerabilities, including multiple critical remote code execution (RCE) flaws. The most severe of the RCE bugs is CVE-2022-20411, an issue in Android's System component that could be exploited over Bluetooth. Mobile ★★★★
SecurityWeek.webp 2022-12-06 14:44:04 Rackspace Confirms Ransomware Attack as It Tries to Determine If Data Was Stolen (lien direct) Cloud company Rackspace has confirmed being targeted in a ransomware attack after it was forced to shut down its Hosted Exchange environment. Rackspace's hosted Microsoft Exchange service started experiencing problems on Friday, December 2. The company shut down the impacted environment and confirmed on Saturday that it was a security incident. Ransomware
SecurityWeek.webp 2022-12-05 17:45:25 SIM Swapper Who Stole $20 Million Sentenced to Prison (lien direct) Nicholas Truglia, of Florida, was sentenced to 18 months in prison last week for stealing more than $20 million in a SIM swapping scheme. According to the indictment, in January 2018, Truglia, now aged 25, participated in a scheme to hack into online accounts in an effort to steal cryptocurrency. He pleaded guilty in late 2021. Hack Guideline ★★
SecurityWeek.webp 2022-12-02 13:48:36 Report: California Gun Data Breach Was Unintentional (lien direct) California's Department of Justice mistakenly posted the names, addresses and birthdays of nearly 200,000 gun owners on the internet because officials didn't follow policies or understand how to operate their website, according to an investigation released Wednesday. Data Breach ★★★★
SecurityWeek.webp 2022-12-02 11:56:50 Mitsubishi Electric PLCs Exposed to Attacks by Engineering Software Flaws (lien direct) Researchers at industrial cybersecurity firm Nozomi Networks have discovered three vulnerabilities in Mitsubishi Electric's GX Works3 engineering workstation software that could be exploited to hack safety systems. Hack ★★★
Last update at: 2024-04-29 02:07:39